Canadian Hacker Arrested for Creating Zombie Botnet

Wednesday, July 20, 2011

Canadian authorities have arrested Joseph Mercier, a 24-year-old professional information security manager, on charges of creating a botnet that enslaved a large number of computers and servers in Canada, the United States, the United Arab Emirates, France, and Russia.

Mercier also infected systems with keylogging software to harvest information entered on computer keyboards, as well as software that allowed him to capture images from unsuspecting victims' webcams.

A botnet is an illicit network of computers and web servers established by infecting targeted hardware with malicious code, which can then be controlled remotely by criminal hackers.

Botnet controllers can then utilize the infected machines to conduct a variety of illegal operations, from massive email spam campaigns to distributed denial of service (DDoS) attacks designed to disable websites, such as those conducted by rogue hacktivist groups like Anonymous.

"We want to remind people to install an anti-virus software that is up to date on their computers. It might not be 100 per cent reliable for all viruses but it's always good to have. People also have to be careful when they open an email or a weblink without knowing who or where it comes from," said RCMP spokesman Cpl. Charles Vallee.

"It's very hard for a victim to realize that it's happening in their computer. Most people don't know until they get a phone call from police," Vallee said.

Recent events involving some of the largest botnets in the world underscore the significant threat to security efforts posed by the widespread use of zombie networks employed by criminal syndicates:

  • Kaspersky Lab researchers recently uncovered a super-botnet thought to have infected as many as 4.5 million devices so far in 2011, with 1.5 million of the infected IPs in the United States.
  • In an unprecedented move, the Department of Justice in April planned to issue instructions to systems infected by the Coreflood botnet that would cause the malware to delete itself from infected computers. Coreflood is thought to have infected more than two million PCs.
  • In March, Microsoft provided documentation that detailed the Rustock botnet's extensive structure in a federal court filing that was part of a lawsuit against a number of John Doe defendants. Acting on the information Microsoft provided, federal marshals raided several internet hosting providers across the U.S. and seized servers suspected of being used as Rustock command and control units.
  • After the shutdown of the Rustock botnet, the Harnig botnet was abandoned and its command and control servers were wiped clean by its operators. Harnig had been a key component of the Rustock distribution network for roughly the preceding two years, and may have been scuttled to prevent investigators from tracking down its creators.
  • Also in March, federal authorities issued an indictment in an elaborate case involving efforts to inflate penny stock prices in a "pump and dump" scheme that operated between 2007 and 2009. The scam employed botnets to distribute emails pushing stocks on potential investors, with the intention of raising the stocks' value before the operators sold off their holdings at a profit, leaving unwary investors with a loss.
Vulcan Mindm3ld: The fact that he was a "professional information security manager" does not help our cause.